diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Utils.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Utils.cs
index da9365a47836e4..9cae83b813411e 100644
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Utils.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Utils.cs
@@ -329,7 +329,10 @@ internal static string GetIdFromLocalUri(string uri, out bool discardComments)
internal static string ExtractIdFromLocalUri(string? uri)
{
- string idref = uri!.Substring(1);
+ if (string.IsNullOrEmpty(uri))
+ throw new CryptographicException(SR.Cryptography_Xml_UriRequired);
+
+ string idref = uri.Substring(1);
// Deal with XPointer of type #xpointer(id("ID")). Other XPointer support isn't handled here and is anyway optional
if (idref.StartsWith("xpointer(id(", StringComparison.Ordinal))
diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/EncryptedXmlTests.cs b/src/libraries/System.Security.Cryptography.Xml/tests/EncryptedXmlTests.cs
index 72d8ea732b7bd9..f9b3d021c44bdc 100644
--- a/src/libraries/System.Security.Cryptography.Xml/tests/EncryptedXmlTests.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/tests/EncryptedXmlTests.cs
@@ -1410,6 +1410,25 @@ public static void EncryptedKey_LoadXml_WithAllElements()
Assert.Equal(1, encKey.ReferenceList.Count);
}
+ [Fact]
+ [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework, "Throws NullReferenceException on .NET Framework")]
+ public static void DecryptDocument_RetrievalMethodWithoutUri_ThrowsCryptographicException()
+ {
+ const string xml =
+ "" +
+ "" +
+ "" +
+ "" +
+ "" +
+ "AA==" +
+ "" +
+ "";
+
+ var doc = new XmlDocument { XmlResolver = null };
+ doc.LoadXml(xml);
+ Assert.Throws(() => new EncryptedXml(doc).DecryptDocument());
+ }
+
#if NET
[Fact]
public static void EncryptedXml_RecursiveKey_Default()